A server administrator is investigating a breach and determines that an attacker modified the application log to obfuscate the attack vector. During the lessons
learned activity the facilitator asks for a mitigation response to protect the integrity of the logs should a similar attack occur. Which of the following mitigations would
be MOST appropriate to fulfill the requirement?

A.
Host-based IDS
B.
Automated log analysis
C.
Enterprise SIEM
D.
Real-time event correlation